VULHUB ™

It is reported that Serendipity is susceptible to multiple cross-site scripting and SQL injection vulnerabilities. The cross-site scripting issues present themselves in certain parameters of the 'Comment.php' script. An attacker can exploit these issues by creating a malicious link containing HTML and script code and send this link to a vulnerable user. SQL injection issues exist in the application as well. These issues affect the parameters of the 'exit.php' and 'comment.php' scripts. Due to this, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. These vulnerabilities were reported in Serendipity 0.7-beta1. Other versions may also be affected.

It is reported that Serendipity is susceptible to multiple cross-site scripting and SQL injection vulnerabilities. The cross-site scripting issues present themselves in certain parameters of the 'Comment.php' script. An attacker can exploit these issues by creating a malicious link containing HTML and script code and send this link to a vulnerable user. SQL injection issues exist in the application as well. These issues affect the parameters of the 'exit.php' and 'comment.php' scripts. Due to this, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. These vulnerabilities were reported in Serendipity 0.7-beta1. Other versions may also be affected.